final review ccna

Author: danno-shepard

Post on 10-Apr-2018

221 views

Category:

Documents


0 download

Embed Size (px)

TRANSCRIPT

  • 8/8/2019 Final Review CCNA

    1/19

    OSI Reference Points

    OSI Layer Data Flow Layer Network Reference Network Device

    Application Upper

    Presentation Upper

    Session Upper PDU or Message

    Transport Data Flow Segment

    Network Data Flow Packet or Datagram MultiLayer Switch or Router

    Data Link Data Flow Frame Switch or Bridge

    Physical Data Flow Bits and Signaling Hub

    OSI Layers

    OSI Layer Purpose Examples

    Application

    Provides services to network applications.This layer is responsible for determiningresource availability, identifyingcommunications peers, and synchronizingcommunications between the applications.

    Simple Mail Transport Protocol (SMTP) Telnet File Transfer Protocol (FTP) Trivial File Transfer Protocol (TFTP) HyperText transfer Protocol (HTTP)

    Presentation

    Provides the coding and conversion functionsthat are applied to the data to/from theApplication layer. This layer ensures that thereis a common scheme used to bundle the databetween the two ends. There are variousexamples and this list is by no means

    complete. Text can be either ASCII orEBCDIC. Images can be JPEG, GIF, or TIFF.Sound can be MPEG or Quicktime

    ASCII (text) EBCDIC (text) JPEG (image) GIF (image) TIFF (image)

    MPEG (sound/video) Quicktime (sound/video)

    Session

    Maintains communications sessions betweenupper-layer applications. This layer isresponsible for establishing, maintaining, andterminating such sessions

    Session Control Protocol (SPC) Remote Procedure Call (RPC) from Unix Zone Information Protocol (ZIP) fromAppleTalk

    Transport

    Responsible for end-to-end data transmission.These communications can be either reliable(connection-oriented) or non-reliable(connectionless). This layer organizes datafrom various upper layer applications into data

    streams. The transport layer also handles end-to-end flow control, multiplexing, virtual circuitmanagement, and error checking andrecovery.

    Transmission Control Protocol (TCP) from IP User Datagram Protocol (UDP) from IP

    Network

    Uses administrator-defined logical addressingto combine many data flows into aninternetwork. This layer allows bothconnection-oriented and connectionless dataflows to access the network. The network layeraddresses help define a network hierarchy.Network devices are normally groupedtogether based on their common NetworkLayer address.

    Internet Protocol (IP)

  • 8/8/2019 Final Review CCNA

    2/19

    OSI Layer Purpose Examples

    Data Link

    Provides either reliable or non-reliabletransmission of data across a physicalmedium. Most networks use a non-reliabledata link layer, such as Ethernet or TokenRing. The data Link Layer provides a physicaladdress to each device called a Media AccessControl (MAC) address. MAC addresses aretypically burned into the network interface card

    (NIC). The Data Link Layer also uses a LogicalLink Control (LLC) to determine the type ofNetwork Layer data is traveling inside theframe.

    LAN: Ethernet/IEEE 802.3 (include Fast Ethernet) 802.3z (Gigabit Ethernet) Token Ring /IEEE 802.5 FDDI (from ANSI)WAN: High-Level Data-link Control (HDLC)

    Point-to-Point Protocol (PPP) Frame Relay

    Physical

    Defines the electrical, mechanical, andfunctional specifications for maintaining aphysical link between network devices. Thislayer is responsible for such characteristics asvoltage levels, timing and clock rates,maximum transmission distances, and thephysical connectors used.

    LAN: Category 3 cabling (LAN) Category 5 cabling (LAN)WAN: EIA/TIA-232 EIA/TIA-449 V.35

    TCP/IP Layers

    Protocol OSI Reference Function

    Transmission ControlProtocol (TCP)

    Session Layer Layer 4Reliable, connection-oriented, uses sequence andacknowledgement numbers to provide reliability verifies that theremote end is listening prior to sending data (handshake).

    User Datagram

    Protocol (UDP)

    Session Layer Layer 4Non-reliable, connectionless, no sequence or acknowledgement

    numbers, and no far-end verification.

    Internet Protocol (IP) Network Layer Layer 3Provides the logical addressing structure. Offers connectionless,best-effort delivery of packets (datagrams).

    IP Protocols

    Protocol Purpose

    Internet Control

    Message Protocol(ICMP) Provides control and feedback messages between IP devices.

    Address ResolutionProtocol (ARP)

    Using a destination IP address, ARP resolves or discovers the appropriate destination MAC(layer 2) address to use. Map a Layer 3 address to a Layer 2 address.

    Reverse AddressResolution Protocol

    (RARP)

    Using a source MAC address, RARP retrieves an IP address form the RARP Server. Mapsources Layer 2 address to a Layer 3 address. RARP is an early form of BOOTP andDHCP.

  • 8/8/2019 Final Review CCNA

    3/19

    IP Addresses

    ClassFirst

    BinaryBits

    NumericalRange

    Number ofNetworks

    Number ofHosts perNetwork

    Number ofNetworkOctets

    Number ofHostsOctets

    A 0xxx 1 126* 126 16.5 million 1 (N.H.H.H) 3

    B 10xx 128 191 16 thousand 65 thousand 2 (N.N.H.H) 2

    C 110x 192 223 2 million 254 3 (N.N.N.H) 1

    D** 111x 224 239 N/A N/A N/A N/A

    E** 1111 240 255 N/A N/A N/A N/A

    * 127 is used for the Loopback address.

    ** Class D is used for Multicast Group addressing, and Class E is reserved for research use only.

    Default Subnet MasksDefault Class A mask 255.0.0.0 = N.H.H.H

    Default Class B mask 255.255.0.0 = N.N.H.HDefault Class C mask 255.255.255.0 = N.N.N.H

    6 Steps to Subnetting

    Step Rule What is learned

    1 Divide VLSM notation (CIDR) by 8 What octet to work with

    2 Plug remainder into subnet chart Multiplier and subnet

    3 Plug working octet into chart and do ANDing Base address

    4 Add Multiplier to base address and subtract 1 Broadcast Address

    5 Use remainder and use as exponent for (2n-2) Number of Networks

    6 Take remainder and subtract from 8, take that number for (2h-2) Number of Host

    Subnetting Chart

    Definitions Number of BITS

    Exponents 7 6 5 4 3 2 1 0

    Subnet mask 192 224 240 248 252 254 255

    128 64 32 16 8 4 2 1

  • 8/8/2019 Final Review CCNA

    4/19

    Possible Subnet Mask Values for One Octet

    Decimal Mask Binary Mask Network Bits Host Bits

    0 00000000 0 8

    128 10000000 1 7

    192 11000000 2 6

    224 11100000 3 5

    240 11110000 4 4

    248 11111000 5 3

    252 11111100 6 2

    254 11111110 7 1

    255 11111111 8 0

    Possible Class C Subnet Masks

    Decimal Mask Network Bits (x) Host Bits (y)Number ofSubnets

    2s 2

    Number ofHosts

    2r 2255.255.255.0 0 8 0 254

    255.255.255.128 1 7 N/A N/A

    255.255.255.192 2 6 2 62

    255.255.255.224 3 5 6 30

    255.255.255.240 4 4 14 14

    255.255.255.248 5 3 30 6

    255.255.255.252 6 2 62 2

    255.255.255.254 7 1 N/A N/A

    255.255.255.255 8 0 N/A N/A

    Port NumbersWell-known port numbers are 1 1023 (typically used for well-known applications), random port numbers are 1024 andabove (typically random numbers are used by the client in a client/server application).

    Application Port Transport

    File Transfer Protocol (FTP) 20/21 TCP

    Telnet 23 TCP

    Simple Mail Transfer Protocol (SMTP) 25 TCP

    Domain Name Services (DNS) 53 TCP

    Domain Name Services (DNS) 53 UDP

    Trivial Files Transfer Protocol (TFTP) 69 UDP

    Simple Network Management Protocol (SNMP) 161/162 UDP

    Routing Information Protocol (RIP) 520 UDP

  • 8/8/2019 Final Review CCNA

    5/19

    Network Hierarchy

    Layer Purpose Network Device

    Core

    To move network traffic as fast as possible.Characteristics include fast transport toenterprise services and no packetmanipulation.

    High-speed routers Multi-layer switches

    Distribution

    Perform packet manipulation such as filtering

    (security), routing (path determination), andWAN access (frame conversion). Thedistribution layer collects the various accesslayers. Security is implemented here, as wellas broadcast and multicast control. Mediatranslation between LAN and WAN frametypes also occurs here.

    Routers

    AccessWhere end-stations are introduced to thenetwork. This is the entry point for virtually allworkstations.

    Switches Bridges Hubs

    Half-Duplex vs. Full-Duplex

    Duplex Type Advantages Defaults

    Half-Duplex

    Network devices us the same pair of wire to both transmit andreceive

    Only possible to use 50% of the available bandwidth mustuse the same bandwidth to send and receive

    Available bandwidth decreases as number of devices in thebroadcast domain increases

    Used through hubs (layer 1 devices) everyone shares theavailable bandwidth

    10 Mbps

    (Auto by default)

    Full-Duplex

    Uses one pair of wire for sending and another pair forreceiving.

    Effectively provides double the bandwidth possible to sendand receive at the same time.

    Must be point-to-point stations, such as pc/server-to-switch orrouter-to-switch.

    Everyone has their own collision domain (individual bandwidth)on each switch port.

    100 Mbps ports

    (Auto by default)

    LAN Segmentation = Dividing Up Collision Domains

    Device Abilities

    BridgeExamines destination MAC address and makes filtering/forwarding decisions based on it.Unknown, Broadcast, and Multicast frames are flooded out all ports except the originator. Eachport of a bridge is a collision domain.

    Switch

    Examines destination MAC address and makes filtering/forwarding decisions based on it.Unknown, Broadcast, and Multicast frames are flooded out all ports within that VLAN except theoriginator. Each port of a switch is a collision domain. Each VLAN is a broadcast domain. Benefitsinclude simplifying moves, adds, and changes, reducing administrative costs, controllingbroadcasts, tightened security, load distribution, and moving servers into a secure location.

    RouterExamines destination network (logical layer3) address and makes filtering/forwarding decisionsbased on it. Unknown and broadcast frames are discarded. Each port of a router is both a collision

    and broadcast domain.

  • 8/8/2019 Final Review CCNA

    6/19

    Comparison of Bridges and Switches

    Bridges Switches

    Software Based Hardware-based (port-level ASICs)

    Relatively Slow Comparatively fast

    One STP per Bridge Possibly many STPs per switch (possibly one per VLAN)

    Typically up to 16 Ports Possibly hundreds of ports

    LAN Switch Functions

    Function Purpose

    AddressLearning

    Dynamically learns MAC addresses that arrive in the switch by reading the sources MACaddress of each arriving frame. If this address is not in the current MAC table, and there isenough space to store it, the address and the inbound port are stored.

    Forward/Filter

    Compare the destination MAC address of the arriving frame to the dynamically-learned MAC

    table. If the address is in the table only forward the frame out the port specified in the table,thus filtering it from other ports. If the MAC address is not in the MAC table (unknown MACaddress) or it is a broadcast or multicast frame, the frame is flooded out every other portexcept the one it arrived from.

    LoopAvoidance

    Since the default behavior of a switch is to forward unknown unicast, broadcast, andmulticast frames, it is possible for one frame to Loop endlessly through a redundant (multiplepath) network. Thus the Spanning Tree Protocol (STP) is turned on to discourage loops in aredundant switch network.

    Forwarding Modes in a Switch

    Mode Description Latency

    Store-and-ForwardThe entire frame is buffered, the CRC isexamined for errors and frame is checked forcorrect sizing (Ethernet 64 1518 bytes).

    Relatively High.Varies depending on frame size.

    Cut-Through

    The frame is forwarded once the destinationMAC address (first 6 bytes) arrives and ischecked against the MAC address table.Buffer until the 6th byte arrives.

    Lowest.Fixed delay based on 6 bytes being buffered.Not configurable on a Catalyst 1900.

    Fragment-Free(Cisco)

    The frame is forwarded once the first 64 byteshave arrived. Buffering occurs until the 64thbyte arrives. Ethernet collisions usually occurwithin the first 64 bytes, thus if 64 bytes arrivethere is no collision.

    Low.Fixed delay based on 64 bytes being buffered.Default on Catalyst 1900.

  • 8/8/2019 Final Review CCNA

    7/19

    Sources of Switching/Bridging Loops

    Source Description

    Redundant TopologyUnknown Frames are flooded out all ports. If there are multiple paths, than a flood would goout all ports, except the originator, and come back in on the other ports, thus creating a loop.

    Multiple Frame Copies

    Two machines live (connect) on the same wire. They send frames to each other withoutassistance. If there are two bridges/switches attached to the same wire, who are alsoconnected together, then new frames (unknown) going from one machine (same wire) would

    go directly to the other machine (same wire) and would also be flooded through thebridges/switches (connected wire) and be flooded back through the bridges/switches to theoriginal wire. The receiving machine would receive multiple copies of the same frame.

    MAC DatabaseInstability

    Thanks to a bridging/switching loop (senairo above), one bridge/switch learns the sameMAC address on different ports. Thus, if a bridge/switch needed to forward a frame to itsdestination MAC address, it would have two possible destination ports.

    Solution to Bridging/Switching LoopsProtocol Description

    Bridges/switches communicate with Bridge Protocol Data Units (BPDUs).

    The BPDU carries the Bridge ID and the Root ID Each bridge/switch has a unique Bridge ID,

    which is the priority (or priority and extend system ID) followed by the base MAC address of the

    bridge/switch. Only the priority (or priority and extend system ID) can be modified.

    The device with the lowest Bridge ID becomes the Root. Only the Root is allowed to send BPDUs.

    Initially, prior to receiving any BPDUs from other devices, every bridge/switch thinks it is the

    Root, and thus sends a BPDU to every other Bridge/switch. This always occurs when a new

    Bridge/switch is added to an existing network.

    After the round of BPDUs, every bridge/switch becomes aware of the lowest Bridge ID (the Rootdevice). Only the Root continues to send BPDUs.BPDUs are sent, by default, every two (2) seconds.Every Bridge/switch receives BPDUs from the Root. If multiple BPDUs are received, then there

    must be a loop in the network. The BPDU with the lowest cost is the best path to the Root.

    The goal of every non-root bridge/switch is to find the most efficient path to the Root.

    Ports that are not the most efficient path to the root, and are not needed to reach any other

    downstream bridge/switch, are blocked. Blocked ports still receive BPDUs.

    If the primary path ceases to receive a BPDU, STP eventually forwards packets on an alternate port

    Blocked ports are re-evaluated to find the most efficient and that port is un-blocked so a path can be

    reestablished to the root.

    Forwarding ports are also called Designated ports (DP).

    Blocked ports are also called non-Designated ports (BLK).

    The port that is forwarding to the Root is called the Root port (RP).

    The Root Bridge/switch ports never block and are always designated ports (DP).

    Bridge/switch convergence is the time between a break occurring and an STP calculating analternate path. Typically 30 50 seconds.

    802.1

    d

    SpanningTreeProto

    col(STP)

    Port convergence is the time it takes for STP to calculate whether a port will be in forwarding orblocking mode. Typically 50 seconds.

  • 8/8/2019 Final Review CCNA

    8/19

    IOS and Configuration File Locations

    Memory Type Contents

    RAM Operating environment

    MVRAM Backup (startup) copy of the configuration file, single file only

    ROM IOS subset (RxBoot) (only if the hardware supports it ROM Monitor (ROMMON)

    FlashCompressed IOS (non-compressed if 2500 series) Binary file storage capabilities (if enoughspace)

    PCMCIA Like Flash, some machines have multiple PCMCIA slots available

    Share I/O I/O buffer for interfaces

    Enhanced Editing Commands

    Function Syntax

    Move to beginning of line Ctrl-AMove to end of line Ctrl-B

    Move back one word Esc-B

    Move forward one word Esc-F

    Recall previous command (up in buffer history) Ctrl-P or up arrow

    Move down through history buffer Ctrl-N or down arrow

    Operating Modes

    Mode Prompt Sample Functions

    User Router> Read-only privileges Examine Interface status Examine router status

    Privileged Router#

    Full privileges to read, write, modify, copy, and delete Examine interface status Examine router status Examine configuration file Change IOS and configuration file

    Example:

    Router> enable password password

    Configuration Router(config)#

    Modify the active (running) configuration file

    Example:

    Router# configure terminalRouter(config)#

  • 8/8/2019 Final Review CCNA

    9/19

    Some Miscellaneous IOS Commands

    Function Mode Syntax

    Configure a Banner Config Router(config)#banner motd # banner #

    Configure the router name Config Router(config)# hostname name

    Examine the backup configuration in NVRAM Privileged Router#show startup-config

    Examine the active configuration in RAM Privileged Router#show running-config

    Display the contents of Flash memory User of Privileged Router>show flash

    Save the active configuration to NVRAM Privileged Router#copy running-config startup-config

    Restore the backup configuration to RAM Privileged Router#copy startup-config running-config

    Save the active configuration to a TFTPServer

    Privileged Router#copy running-config tftp

    Restore a configuration file from a TFTPServer

    Privileged Router#copy tftp running-config

    Write the current IOS out to a TFTP Server Privileged Router#copy flash tftp

    Load a different IOS into the router Privileged Router#copy tftp flash

    Erase the backup configuration from NVRAM Privileged Router#erase startup-config

    Boot using a different IOS in Flash Config Router(config)#boot system flash filename

    Boot from a TFTP Server ConfigRouter (config)#boot system tftp ip-addressfilename

    Configure the router as a TFTP Server Config Router(config)#tftp-server flash filename

    Reboot the router Privileged Router#reload

    Use the setup utility Privileged Router#setup

    Display directly-connected Cisco neighbors User or Privileged Router> show cdp neighbor

    Display the command history buffer User or Privileged Router>show history

    Configure the length of the history buffer Privileged Router#terminal history size line-count

    Display the current IOS, router run-time,amount of memory, and interfaces installed

    User or Privileged Router>show version

    Configure logout delay Line ConfigRouter(config-line)# exec-timeout minutes

    seconds

    Configure clocking on a DCE interface Interface Config Router(config-if)# clock rate bps-value

    Configure the bandwidth on an interface Interface Config Router(config-if)# bandwidth Kbps-value

    Display the IP routing table User or Privileged Router>show ip route

    Display the physical characteristics of aninterface

    User or Privileged Router>show interfaces type number

    Display the logical characteristics of aninterface

    User or Privileged Router>Show protocol interface type number

  • 8/8/2019 Final Review CCNA

    10/19

    Password Configuration

    Mode Location Syntax

    User Console Port Router# configure terminalRouter(config)#line console 0Router(config-line)# password stringRouter(config-line)# login

    User Auxiliary Port Router#configure terminalRouter(config)#line auxiliary 0Router(config-line)# password stringRouter(config-line)# login

    User VTY Access Router#configure terminalRouter(config)#line vty 0 4Router(config-line)# password stringRouter(config-line)# login

    Encrypting ServicePasswords

    N/A Router(config)# service-password encrypt

    Privilege (secret) N/A Router#configure terminalRouter(config)#enable secret string

    Privilege (enable) N/A Router# configure terminalRouter(config)# enable password string

  • 8/8/2019 Final Review CCNA

    11/19

    RoutingThe process of maintaining a table of destination network addresses. A router will discard packets for unknown networks.

    Sources of Routing Information

    Source Description

    Static

    Manually configured by an administrator

    Must account for every destination network Each static route must be configured on each router No overhead in processing, sending, or receiving updates Saves bandwidth and router CPU Routing table maintained by administrator

    Dynamic

    A process that automatically exchanges information about available routes Uses metrics to determine the best path to a destination network The routing protocol must be configured on each router Bandwidth is consumed as routing updates are transmitted between routers Router CPU is used to process, send, and receive routing information Routing table maintained by routing process

    Routing Configuration Commands

    Type Syntax

    Sta

    tic

    Router(config)# ip route dest-address subnet-mask next-hop or exit-interface

    dest-network is the network in question subnet-mask is the network in question next-hop is the network in question exit-interface is the network in question -either the next-hop or exit-interface are used, but not both

    Example:

    Router# configure terminalRouter(config)# ip route 172.16.0.0 255.255.0.0 serial0orRouter(config)# ip route 172.16.0.0 255.255.0.0 172.16.1.1

    Dynamic

    Router(config)# router protocol keywordRouter(config-router) network network-number

    protocol is the routing protocol being used keyword is an optional parameter for some routing protocols network-number is the directly connected network that will be used to send and receive routingupdates; enables all interfaces that use that network address

    Example 1:Router# configure terminalRouter(config)# router ripRouter(config-router)# network 172.16.0.0Router(config-router)# network 192.168.20.0

    Example 2:Router(config)# router OSPF 100Router(config-router)# network 172.16.0.0 0.0.255.255 area 0Router(config-router)# network 192.168.20.00.0.0.255 area 0

  • 8/8/2019 Final Review CCNA

    12/19

    Types of Routing Protocol

    Type Description

    Interior Used within a common administrative domain called an Autonomous System (AS) Typically a single AS is controlled by a single authority or company Interior routing protocols are used within a corporate network

    Exterior Used to connect Autonomous Systems Exchanges routing information between different administrative domains Exterior protocols are used to connect sites within a very large corporate network, or are used toconnect to the Internet

    Classes of Routing Protocol

    Class Description

    DistanceVector

    Maintains a vector (direction and distance) to each network in the routing table Typically sends periodic (update interval) routing updates Typically sends entire routing table during update cycle Routing updates are processed and then resent by each router, thus the updates are second-handinformation (routing by rumor) Typically prone to routing loops (disagreement between routers) and count to infinity (routing metricscontinue to accumulate indefinitely) Solutions to these problems include:

    Spilt Horizon do not send updates back to where they came from eliminates back-to-back router loops

    Define a maximum metric eliminates count to infinity problemRoute poisoning set the advertised metric to the maximum value on routes that have gone downPoison reverse overrides split horizon by informing the source of a route that it has gone down

    Hold-down timers eliminates long-distance loops by ignoring updates about possibly down routesthat have metrics worse than the current metricTriggered updates send an individual update immediately when a route is thought to be down,rather than wait for the periodic update timer (also called flash updates)

    Link

    State

    Maintains a complete topological map (database) of entire network, separate from the routing table(forwarding table) Sends updates only when necessary Only sends information that has changed, not the entire database Does not send information from the routing table, but rather from the database The initial routing update is sent to every link state router in the network (flooding) via a multicast IP

    address, not a processed copy as with distance vector protocols Routing table is individually calculated on each router from its database. This process is calledShortest Path First or SPF The database typically requires as much memory as the routing table When SPF runs, it is CPU intensive Uses hello packets to maintain a database of link state neighbors throughout the network

  • 8/8/2019 Final Review CCNA

    13/19

    Examples of Routing Protocols

    ProtocolDVorLS

    Internalor

    ExternalCharacteristics

    RoutingInformation

    Protocol (RIP)DV Internal

    Sends periodic updates every 30 seconds by default Sends the entire routing table out every interface, minus the routeslearned from that interface (split horizon)

    Uses hop count as a metric Has a maximum reachable hop count of 15 (16 is the definedmaximum) Sends updates out as a broadcast (RIP V1) RIP V2 uses a multicast address of 244.0.0.10

    Interior GatewayRouting Protocol

    (IGRP)DV Internal

    Sends periodic updates every 90 seconds by default Sends the entire routing table out every interface, minus the routeslearned from that interface (split horizon) Uses a composite metric consisting of bandwidth, delay, reliability,load, and MTU Only uses bandwidth and delay by default (configurable) Does track hop count but only uses it as a tie-breaker

    Default maximum hop count is 100, but is configurable up to 255maximum Sends updates out as a broadcast

    EnhancedInterior GatewayRouting Protocol

    (EIGRP)

    Adv. DV Internal

    Considered an advanced distance vector routing protocol Uses a Diffusing update algorithm (DUAL) Sends triggered updates when necessary Sends only information that has changed, not entire routing table Uses a composite metric consisting of bandwidth, delay, reliability,load, and MTU Only uses bandwidth and delay by default (configurable) Does track hop count but only uses it as a tie-breaker Default maximum hop count is 224, but is configurable up to 255

    maximum Sends updates out on a multicast address of 224.0.0.9

    Open ShortestPath First(OSPF)

    LS Internal

    Sends triggered updates when necessary Sends only information that has changed, not entire routing table Uses a cost metric Interface bandwidth is used to calculate cost (Cisco) Uses two multicast addresses of 224.0.0.5 and 224.0.0.6

    Border Gateway

    Protocol (BGP)

    DV External

    Actually a very advanced distance vector routing protocol Sends triggered updates when necessary Sends only information that has changed, not entire routing table Uses a complex metric system

  • 8/8/2019 Final Review CCNA

    14/19

    Access List Syntax

    Direction Description

    Inbound Interrogates packets as they arrive, before they are routed Can deny a packet before using CPU cycles to process it then deny it

    Outbound Interrogates packets after they are routed to the destination interface Packets can be discarded after they have been routed Default configuration when applying access lists to the interface

    Standard

    Router(config)# access-list number permit or deny source-ip wildcard-mask

    Number is in the range of 1-99, 1300-1999 Each line either permits or denies Only examines the sources IP address from the IP packet Wildcard mask allows a single line to match a range of IP addresses Default mask is 0.0.0.0 Wildcard mask of 0.0.0.0 is exact match of source IP address The word host can be substituted for the mask 0.0.0.0 Wildcard mask of 255.255.255.255 means match every IP address The word any can be substituted for the mask 255.255.255.255

    Extended

    Router(config)# access-list number permit or deny source-ip source-mask operator source-port destination-ip destination-mask operator destination-port

    Number is in the range of 100 199, 2000 2699 Each line either permits or denies Examines anything in the IP header: source and destination addresses, protocols, and ports Protocol can be IP, ICMP, IGRP, EIGRP, OSPF, UDP, TCP, and others Wildcard mask allows a single line to match a range of IP addresses Port numbers are optional and can only be entered if the protocol is UDP or TCP. Portnumbers are in the range of 1 65535

    A protocol of ICMP, the port numbers becomes an ICMP type code Operators are a Boolean function of gt, lt, neq, or range. LT is less than, GT is greater than,NEQ is not equal to, and RANGE is a range of ports

    Boolean operators are only used with TCP or UDP Wildcard mask of 0.0.0.0 is exact match of source IP address The word host can be substituted for the mask 0.0.0.0 Wildcard mask of 255.255.255.255 means match every IP address The word any can be substituted for the mask 255.255.255.255

    Named

    Same structure as Standard or Extended except alphanumeric string

    Router(config)# access-list standard nameRouter(config-std-nacl)# permit or deny source-ip wildcard-maskorRouter(config)# access-list extended nameRouter(config-ext-nacl)#permit or deny source-ip source-mask operator source-port

    destination-ip destination-mask operator destination-port

    Interface

    Router(config-if)# ip access-group number in or out Number is the access list being referenced; standard, extended, or named In or out specifies the direction of the frame flow through the interface for the access list to beexecuted. Out is the default

    VirtualTerminal

    (VTY)

    Router(config)# line vty vt# or vty-rangeRouter(config-line)# access-class number in or out

    Restricts incoming or outgoing vty connections for address in access list Number is the access list being referenced; standard, extended, or named

  • 8/8/2019 Final Review CCNA

    15/19

    IP Access Lists

    Type Numbers Criteria Location

    Standard1 99

    1300 1999 Source IP address Close to the destination

    Extended 100 1992000 2699

    Source IP address Destination IP address Source protocol number

    Destination protocolnumber

    Source port number Destination port number

    Close to the source

    Named Alphanumeric string Same as standard extended orextended

    Close to either destinationor source

    Wildcard Masks

    Mask Match Dont Care Example

    0.0.0.0 Every octet N/A 172.16.10.1 = 172.16.10.1

    0.0.0.255 First three octets Last octet 172.16.10.1 = 172.16.10.0

    0.0.255.255 First two octets Last two octets 172.16.10.1 = 172.16.0.0

    0.255.255.255 First octet Last three octet 172.16.10.1 = 172.0.0.0

    255.255.255.255 N/A Every octet 172.16.10.1 = 0.0.0.0

    Network Address Translation NAT

    Function Syntax

    Marks the interface as connected to the inside Router(config-if)# ip nat inside

    Marks the interface as connected to the outside Router(config-if)# ip nat outside

    Establishes static translation between an insidelocal address and an inside global address

    Router(config)#ip nat inside source static local-ip global-ip

    Defines a pool of global addresses to be allocatedas needed

    Router(config)#ip nat pool start-ip end-ip {netmask netmask |prefix-length prefix-length}

    Establishes dynamic source translation to a poolbased on the ACL

    Router(config)#ip nat inside source list access-list-number poolname

    Establishes dynamic source translation to ainterface based on the ACL

    Router(config)#ip nat source list access-list-number interfaceinterface overload

    Displays active translation Router#show ip nat translations

    Displays translation statistics Router#show ip nat statistics

    Clears all dynamic address translation entries Router#clear ip nat translation *

    Clears a simple dynamic translation entry that hasan inside translation or both inside and outsidetranslation

    Router#clear ip nat translation inside global-ip local-ip [outsidelocal-ip global-ip]

    Clears a simple dynamic translation entry that hasan outside translation

    Router#clear ip nat translation outside local-ip global-ip

    Clears an extended dynamic translation entryRouter#clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]

  • 8/8/2019 Final Review CCNA

    16/19

    WAN Connection Types

    Connection Definition

    Leased Line

    A pre-established, private connection from one site to another through a providersnetwork

    Also called a dedicated circuit or a dedicated connection Always a point-to-point connection between two end points Used when there is a constant flow of data, or when a dedicated amount of bandwidth isrequired

    One router interface is connected to one destination site Examples PPP, HDLC

    Circuit Switching

    A dial-up connection through a providers voice-grade network Either uses an analog modem or an ISDN connection Used when only a slow-speed connection is needed, or when there is not much of aneed to transfer a lot of data

    One call establishes a circuit to one destination site Examples PPP, HDLC, SLIP

    Packet Switching

    Each site only uses one physical connection into the providers network, however theremay be multiple virtual circuits to various destinations

    Typically less expensive than leased lines, because you are mixing various data streamsacross a single link

    Used when a dedicated connection is needed, but cost savings is important Examples Frame Relay, X.25

    Cell Switching

    Each site only uses one physical connection into the providers network, however theremay be multiple virtual circuits to various destinations Typically less expensive than leased lines, because you are mixing various data streamsacross a single link Uses fixed-size packets called cells to achieve faster and more predicable transportthrough the network Examples ATM, SMDS

    High-Level DataLink Control

    (HDLC)

    A Cisco-proprietary serial encapsulation Allows multiple network-layer protocols to travel across Default encapsulation for all serial interfaces on a Cisco router One router interface only goes to one destination

    Point-to-PointProtocol (PPP)

    An open-standard serial encapsulation Allows multiple network-layer protocols to travel across Allows optional link-layer authentication (CHAP or PAP) One router interface only goes to one destination

    Serial LineInternet Protocol

    (SLIP)

    An open-standard serial encapsulation Allows only IP to travel across One router interface only goes to one destination

    Frame Relay

    A very popular packet switching standard

    Uses switched virtual circuits (SVCs) or permanent virtual circuits (PVCs) Allows multiple network-layer protocols to travel across Each virtual circuit is a private channel between two end points One router interface may have many virtual circuits, going to the same location orvarious locations

    X.25

    An old, but still available, packet switching standard Uses switched virtual circuits (SVCs) or permanent virtual circuits (PVCs) Allows multiple network-layer protocols to travel across Each virtual circuit is a private channel between two end points One router interface may have many virtual circuits, going to the same

  • 8/8/2019 Final Review CCNA

    17/19

    Popular WAN Terms

    Term Definition

    Customer PremiseEquipment (CPE)

    Network devices/equipment physically located at the customers location/site Customer is typically required to procure/maintain this equipment Equipment could include routers and CSU/DSUs

    Central Office (CO) The facility that provides WAN services to the customer Source of analog phone service, ISDN service, DSL service, frame relay connections,X.25 connections, and leased lines

    Local Loop The link from the providers CO to the customers demarc Also called the last mile Normally not more than a few miles

    Demarcation Point(Demarc)

    The line between the customer site and the provider network Inside of the demarc is the CPE Outside of the demarc is the local loop

    Toll Network The providers network Inside the WAN cloud Typically smoke and mirrors to a customer

    ISDN Interface Types

    Interface Type Characteristics

    Basic Rate Interface (BRI) 2 Bearer (B) channels, 64 Kbps data each 1 control channel (D), 16 Kbps

    Primary Rate Interface (PRI)

    23 Bearer (B) channels, 64 Kbps data each across a T1 circuit, typically seen inNorth America and Japan 30 Bearer (B) channels, 64 Kbps data each across an E1 circuit, typically seen inAustralia and Europe 1 control channel (D), 64 Kbps

    ISDN Device Types

    Device Function

    Network Termination 1 (NT-1) Converts BRI signals into a form used by the ISDN digital line

    Network Termination 2 (NT-2) The aggregation point of ISDN services at a customer site

    Terminal Adapter (TA) Converts analog signals into BRI signals

    Terminal Endpoint 1 (TE-1) A devices that has an ISDN interface, such as a router

    Terminal Endpoint 2 (TE-2)A device that does not have any ISDN interfaces and requires a TA to access theISDN network, such as a PC

    ISDN Reference Points

    Reference Point Function

    R The point between a non-ISDN device and the TA

    S The point between the TA and the NT-2, or between ISDN devices and the NT-2

    T The point between the NT-2 and the NT-1

    U The point between the NT-1 and the ISDN provider

  • 8/8/2019 Final Review CCNA

    18/19

    ISDN Protocols

    Reference Point Function

    E-series Recommend telephone network standards

    I-series Deal with concepts, terminology, and general methods used within ISDN

    Q-series Cover switching and signaling through the ISDN cloud

    Sample ISDN CommandsFunction Mode Syntax

    Configure the ISDNswitch type

    configRouter(config)# isdn switch-type switch

    switch types include basic-dms100, basic-5ess and basic-ni

    Create a static route config

    Router(config)# ip route network mask destination-ip

    network is the other side of the ISDN cloud, since there is no dynamicrouting protocol running across the ISDN network mask is the subnet mask to specify the distant network destination-IP is the IP address of the BRI interface of the remote site

    Create a dialer list config

    Router(config)# dialer-list number protocol protocolpermit

    number can be from 1 10 protocol can be any protocol, such as IP or IPX

    Access the BRIinterface

    config Router(config)# interface bri number

    Assign SPID numbers interface config

    Router(config-if)# isdn spid1 spid-number

    spid-number is the logical circuit ID assigned by the ISDN provider there might be two SPID numbers, thus the second one would bereferenced as spid2

    Reference the dialerlist

    interface configRouter(config-if)# dialer-group number

    number is the dialer list created earlier

    Create a map to pointto and dial the remote

    siteinterface config

    Router(config-if)# dialer map protocol destination-ip dial-number

    protocol is the protocol being mapped across the ISND cloud, such as IPor IPX

    destination-IP is the IP address of the BRI port on the other side of theISDN cloud, specified by the static route

    dial-number is the ISDN phone number of the remote site

  • 8/8/2019 Final Review CCNA

    19/19

    Frame Relay Terms

    Term Definition

    Local Access RateConnection rate between a frame relay site and the frame relay provider. Many virtualcircuits run across a single access point.

    Virtual Circuit

    Logical connection between two end points

    Permanent Virtual Circuit (PVC) the circuit is always available, and the bandwidth forthe circuit is always allocated

    Switched Virtual Circuit (SVC) the circuit is built when needed, and the bandwidth isreturned when the circuit is closed

    Data Link ConnectionIdentifier (DLCI)

    The local reference to one end of a virtual circuit. The DLCI numbers are assigned by theframe relay providers.

    Committed InformationRate (CIR)

    The maximum allowed bandwidth through the PVC from one end to the other. Each PVCcan have a unique CIR.

    Inverse AddressResolution Protocol

    (IARP)

    The process of a frame relay device, such as a router, discovering the network-layerinformation about the devices at the other end of the PVCs.

    Local ManagementInterface (LMI)

    Signaling between the frame relay device (the router) and the frame relay switch (theprovider). LMI does not travel across the entire PVC from one end to the other.

    Sample Frame Relay Commands

    Function Mode Syntax

    access the serialinterface

    config Router(config)# interface serial number

    change theencapsulation

    interface configRouter(config-if)# encapsulation frame-relay option

    option can either be Cisco (default) or ietf (open standard)

    specify the LMI type interface config

    Router(config-if)# frame-relay lmi lmi-type

    lmi-type can be Cisco, ansi, or q933a

    this command is normally not needed, as the router will automaticallysense the LMI type if configured by the provider

    assign the local DLCI interface config

    Router(config-if)# frame-relay interface-dlci local-dlci

    local-dlci is the DLCI number of the PVC that terminates on this interface.There can be more than on DLCI on an interface.

    this command is not needed with a major interface, since the router willautomatically retrieve the DLCIs from the frame relay switch.

    create a sub-interface config

    Router(config)# interface serial number.sub point-to-point or multipoint

    point-to-point defines a subinterface that will only have one DLCI

    (interface-dlci command) multipoint defines a subinterface that may have more than one DLCI(interface-dlci command)

    create a static map interface config

    Router(config)# frame-relay map protocol destination-IP local-dlci

    protocol is the protocol being mapped across the frame relay cloud, suchas IP or IPX

    destination-IP is the IP address of the frame relay interface at the otherend of the PVC

    local-DLCI is the local DLCI needed to access the remote site this command is not needed if inverse-ARP is properly configured, andthe interface-dlci command is used